enterprise risk management (erm) practices...
TRANSCRIPT
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1232
Full Terms & Conditions of access and use can be found at
http://hrmars.com/index.php/pages/detail/publication-ethics
Enterprise Risk Management (ERM) Practices among Malaysian SMEs: The Three Steps Process to identify Adopters and Non-Adopters of ERM for SMEs
Khairul Afzan Aziz, Ahmad Shukri Yazid, Mohd Sadad Mahmod, Norfadzilah Rashid, Fauzilah Salleh, Puspa Liza Ghazali and Suraya Mahmood
To Link this Article: http://dx.doi.org/10.6007/IJARBSS/v8-i11/5165 DOI: 10.6007/IJARBSS/v8-i11/5165
Received: 28 Oct 2018, Revised: 21 Nov 2018, Accepted: 30 Nov 2018
Published Online: 03 Dec 2018
In-Text Citation: (Aziz et al., 2018) To Cite this Article: Aziz, K. A., Yazid, A. S., Mahmod, M. S., Rashid, N., Salleh, F., Ghazali, P. L., & Mahmood, S.
(2018). Enterprise Risk Management (ERM) Practices among Malaysian SMEs: The Three Steps Process to identify Adopters and Non-Adopters of ERM for SMEs. International Journal of Academic Research in Business and Social Sciences, 8(11), 1231–1245.
Copyright: © 2018 The Author(s)
Published by Human Resource Management Academic Research Society (www.hrmars.com) This article is published under the Creative Commons Attribution (CC BY 4.0) license. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this license may be seen at: http://creativecommons.org/licences/by/4.0/legalcode
Vol. 8, No. 11, 2018, Pg. 1231 - 1245
http://hrmars.com/index.php/pages/detail/IJARBSS JOURNAL HOMEPAGE
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1233
Enterprise Risk Management (ERM) Practices among Malaysian SMEs: The Three Steps Process to identify
Adopters and Non-Adopters of ERM for SMEs
1Khairul Afzan Aziz, 2Ahmad Shukri Yazid, 3Mohd Sadad Mahmod, 4Norfadzilah Rashid, 4Fauzilah Salleh, 5Puspa Liza Ghazali and
6Suraya Mahmood 1Research Institute for Islamic Products &Civilisation (INSPIRE)
Universiti Sultan Zainal Abidin (Unisza), Gong Badak Campus, 21300 Kuala Nerus, Terengganu 2,3,4,5,6Faculty of Economics and Management Sciences, Universiti Sultan Zainal Abidin (Unisza),
Gong Badak Campus, 21300 Kuala Nerus, Terengganu Corresponding Author : [email protected]
Abstract According to the World Bank research involving SMEs from 104 developing countries has found that small firms have the largest shares of job creation, highest sales growth and employment growth compare to large firm. However, large firm is more productive. Similarly, SMEs in Malaysia also contribute significantly to the economic development especially in creating new job opportunities. SMEs involvements in business expose themselves to risks. Hence, SMEs need risk management. A review of current literature was focus to the adoption of ERM among large firm. However studies that have been conducted to examine ERM adoption among SME are still lacking. More important, the identification of adopters and non-adopters are based on the large firm’s ERM indicator such as Chief Risk Officer (CRO) or COSO (2004) whereas SMEs with difference characteristic need a suitable adopters and non-adopters identification process. Thus, the main objective of this paper is to propose a simple and systematic identification process of adopters and non-adapters of ERM for SMEs. Keywords: Enterprise Risk Management (ERM), ERM Adoption, Adopters, Non-adopters, ERM for SMEs, Malaysian SMEs. 1. Introduction Small and Medium Enterprises (SMEs) play a vital role in most countries especially developing countries. Base on the World Bank Enterprise Surveys (ES) database, a study of 49,370 firms in 104 countries revealed that SMEs have the largest shares of job creation, highest sales growth and employment growth compare to large firm (Ayyagari, Demirguc-Kunt, & Maksimovic, 2011).
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1234
In Malaysia, SMEs accounting for 98.5 percent of total business or 907,065 establishments and account for 36.3 percent of the GDP, 65.5 percent of employment and 17.6 percent of export (SME Corporation Malaysia, 2016) According to SME Corp, SMEs in Malaysia are defined as:
i) Manufacturing sectors with annual sales turnover not exceeding RM 50 million or full-time of employees not exceeding 200 workers (previously less than 25 million annual sales turnover and less than 150 workers); and
ii) Services and other sectors with sales turnover not exceeding RM 20 million or full-time employees not exceeding 75 workers (previously less than 5 million annual sales turnover and less than 50 workers).
SMEs in Malaysia have low productivity compare to large firm (SME Corporation Malaysia, 2012) and SMEs in other developed countries. SMEs productivity per worker averaged RM 47,000 which is about one-third the productivity of large establishment. Likewise, SMEs in the United States and Singapore are seven and four times more productive respectively than Malaysian SMEs(SME Corporation Malaysia, 2012). Productivity issues are similar to most of SMEs in developing countries (Ayyagari et al., 2011). Low productivity is one of the symptom of SMEs failure or crisis (Ropega, 2011) and part of risk. In general SMEs face risks externally and internally. Externally, business is changing quickly and generating a great deal of uncertainty such as changing customer tastes, new product development and technology. Internally, SMEs face the risks such as human error, fraud, system failure, the disruption of production and so on (Dickinson, 2001). This environment forces firms, especially SMEs to be innovative and constantly review their processes and practices in order to keep survive (Bahri, St‐Pierre, et al., 2011). Therefore in order to manage risks, Enterprise Risk Management (ERM) could be a solution to SMEs. Given the size and managerial structure of SMEs, the process of establishing and using ERM is relatively simple given the close relationship between owners, managers and operators of the enterprise (Yolande Smit, 2012). The main objective of this paper is to propose a simple and systematic approach to identify adopters and non-adopters of ERM for SMEs in Malaysia using 3 step process derived from previous literature namely Application of Risk Management in Small Business (Alliance, 2005), Enterprise Wide Risk Components (Lam, 2014) and COSO (2004) ERM Framework. 2. Problem Statement In Malaysia, ERM practices still at early stages. Among current practices such as government initiative to introduce the Malaysian Code of Corporate Governance 2012 which is required the board of public listed company in Bursa Malaysia to identify principle risks and ensuring the implementation of appropriate internal control and mitigation measures (Securities Commission Malaysia, 2012). Despite of the regulation upon public listed company in Malaysia to implement risk management, the adoption rate is still relatively low compare to the other developed countries (Togok, 2016; Yazid, Hussin, & Daud, 2011a). Event related to risk has terrible effect on SMEs than in large firms (Kiew & Angeline, 2016). Risk management is a major issues for SME (Brustbauer, 2016). Although ERM is an effective proactive
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1235
risk prevention tool for SMEs (Vadiveloo & Aguirre, 2013), the ERM practices among Malaysian SMEs are still questionable. For example there is a risk issues on fraud in business organization in Malaysia but they tend to put the matter a side (Shanmugam, Ali, Hassan, & Haat, 2012). Furthermore only small numbers of SMEs in Malaysia are expanding into larger establishment. SMEs are afraid of taking risk and facing uncertainties when they become large corporation (Salleh & Ibrahim, 2011). Besides growing in size, SMEs need to face the challenges such as vulnerability in financial market, political instability, raising cost of energy and frequent natural disaster that would directly affect the future direction and growth of SMEs. Therefore, ERM is crucial to be implemented by SMEs to reduce exposure to business loss (Kiew & Angeline, 2016). Hence, it is important to study ERM in the context of SMEs in order to understand the practice of ERM to encourage adoption of ERM among non-adopter and to extent the use of ERM at its full potential. Even though the study of ERM practices among SMEs is increasing recently, it is still limited (Amalina, Abdullah, Zakuan, Khayon, & Ariff, 2012; Ekwere, 2016; Razali & Tahir;, 2011). SMEs risk management has not received desired attention in the literatures (Gorzeń-Mitka, 2013; Yusuf & Dansu, 2013). Furthermore, the majority of studies examined SMEs in developed European Countries (Falkner & Hiebl, 2015) and still limited in Asian Region (Togok, 2016). Although a current research stated that 80% of respondents from 214 SMEs in Malaysia are clear about the importance of risk management to achieve organizational long term sustainability (Kiew & Angeline, 2016), there is still a need to study on the adoption of ERM among non-adopters and extension factors among adopters to ease the extent and future research of ERM practices among SMEs. However, the more critical issues are arise from the study on how to identify adopters and non-adopters for SMEs. Most of the researches were focused on large firm, public listed company and government linked company that capable to employ chief risk officer (CFO) and form a team of management to handle risk issues, whereas, SMEs with limited resources such as financial and human resources are unable to adopt ERM in the same indication are used. Therefore, reconsidering on how to identify ERM adoption for SMEs should be more practical. Therefore, this paper aim to purpose a simple and systematic process to identify and determine adopters and non-adopters to help the researcher to do research regarding the topic on ERM for SMEs with three simple step and systematic approach. Hence this study will fill the gap in literature. 3. Literature Review In the literature the name ERM is sometimes replaced by synonyms like Enterprise-Wide Risk Management, Holistic Risk Management, Integrated Risk Management and Strategic Risk Management. Enterprise Risk Management (ERM) has emerged as a new risk management technique aimed at managing the portfolio of risks facing an organization in an integrated, enterprise-wide manner. Unlike traditional risk management, where individual risk categories are managed from a silo-based perspective, ERM involves a holistic view of risks allowing business to take into account correlations across all risk classes(Monda & Giorgino, 2013) In general ERM is known as a systematically integrated and discipline approach in managing risks within organizations to ensure firms achieves their objective which is to maximize and create value
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1236
for their stakeholder (Razali & Tahir, 2011).Many organizations are implementing ERM process to increase the effectiveness of their risk management activities, with the prime goal of increasing stakeholder value (Beasley, Clune, & Hermanson, 2005a) In SMEs context, according to Vadiveloo & Aguirre (2013)ERM is a form of micro risk management and a comprehensive approach addressing risk in all functional areas and also an effective proactive risk prevention tool for SMEs. Therefore for the purpose of this study, ERM for SMEs can be defined as; ERM for SMEs is a micro risk management consist of culture, capabilities and practices that use comprehensive approach in addressing and managing risks proactively in all functional areas within organization with the ultimate goals to maximize stakeholder value.
4. The Identification Process of Adopters and Non-adopters of ERM From the very beginning of this study, researcher has found difficulty to distinguish between adopters and non-adopters among SMEs especially in Malaysia. As mentioned by Hoyt, Moore, & Liebenberg (2008), a major obstacle to empirical research in ERM is the difficulty in identifying firms engaging in ERM. Moreover, most of the firm are either implemented a complete or partial ERM Framework (Abdul Rasid & Abdul Rahman, 2009). Lundqvist (2014) in the study of dimension used to determine ERM implementation in a firm have found that most of the available studies have used inconsistent dimension. Most of previous researchers identify and measure the ERM implementation using certain proxies such as chief risk officer or senior risk officer (Beasley, Clune, & Hermanson, 2005b; Hoyt et al., 2008; Lam, n.d.; Pagach & Warr, 2008; Yazid, Razali, & Hussin, 2011). Moreover, most of the studies done related to ERM were mainly US-based and scare to find research in Malaysia environment (Shanmugam et al., 2012). However, several research finding from Malaysia context on public listed companies (PLCs) (Togok, 2016; Wan Daud, Yazid, & Hussin, 2010) and Government-Linked Companies (GLCs) (Yazid, Hussin, & Daud, 2011b) also have shown that CRO is one of the indicator used to differentiate between adopters and non-adopters. However, using a CRO would identify too few firms as ERM adopters (Lundqvist, 2014). Hence, this research has purposed 3 steps process in order to identify the adopters or non-adopters of ERM among SMEs. See figure 1.2. First step - Preliminary Identification: SMEs need to answer ‘Yes’ or ‘No’ to show either they have adopted or have not adopted ERM. The instrument used as follow: Table 1.1: Survey Question represents Step 1 Identification of adopters and Non-adopters
Question Answer
Did you use Enterprise Risk Management in your company Yes No
However, (Beasley, Clune, & Hermanson, 2005c) purpose a range of ERM adoption level rather than just use ‘Yes’ or ‘No as an indicator for ERM adoption. Therefore, second step was proposed.
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1237
Second step – Basic ERM implementation To support the first answer, the adopters need to state the level of ERM involvement or adoption in their business area including business planning, human resource management, outsourcing, sales of product and services, emergency plan, financial management, product and services development. All this area suggested in application of enterprise risk management in SMEs (Alliance, 2005). Table 1.2: Application of ERM in SMEs
Management Level Area Application of risk management
Strategy and planning Business continuity planning Business interruption procedures and strategies
Emergency planning Contingency planning Disaster planning and recovery Fire and life safety management
Business planning Business plan Strategic plan
Human resource management Training Culture Asset management Capital expenditure
Financial management Budgeting Cashflow management Asset management Capital expenditure
Outsourcing Intelectual property protection Contract management
Operations Product/service development Insurance Equipment management Environment management Resource allocation Housekeeping Emergency response Security Quality assurance Documentation Reporting Occupational health and safety Supply management Maintenance
Product/service delivery Project management Customer relationship management Post-sale service Guarantee management Occupational health and safety Hazard assessment/management Contract management Complaints management
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1238
In addition, these area are important to be included in the questionnaire since the risks faced by companies are highly interdependent between financial risk and business risk, business risk and operational risk, and operational risk and financial risks (Lam, 2014). See figure 1.1
Figure 1.1: Enterprise-Wide Risks
Figure 1.1, shows enterprise-wide risks or enterprise risk management (ERM) is assumed practiced by SMEs by looking at this three major organizational area namely; business risk, finance risk and operational risk. The reason to use this second step as indicator of ERM adoption for SME as the finding by Lundqvist (2014) in his study that 73% out of 143 respondents from large firms have said that they use definition of ERM other than COSO. Only few companies can claim they have fully implemented ERM, as defined by COSO (Proviti Inc., 2006). COSO (2004) is widely used in developed countries, while Asia Pacific Region are more familiar with AS/NZS 4360,2004 as a guide to ERM practices. Moreover, Bursa Malaysia Guideline also only adapted three of eight components of effective ERM namely control activities, information and communication and monitoring (Togok, 2016). Using 11-point scales, the respondent need to agree at level 3 and above for at least three ERM activities involved in their businesses to be considered as adopters. Leung (2016) suggest that 11-point scale as it increase sensitivity and is closer to interval level of scaling and normality. Details of the instrument form are as followed: Please circle ONE answer only the level of agreement (0 – very disagree until 10 – very agree) for the statement below. Your company business activities as stated below have already used ERM. .
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1239
Table 1.3: Basic ERM Adoption for SMEs
Business activities Level of agreement
Business Planning Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Human Resource Management Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Outsourcing Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Sales of products and services Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Emergency planning Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Financial management Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Products and services development Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Other, please state:_______________ Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Third step – Global ERM Framework Practices Third step is to strengthen the second step; the adopters need to answer the ERM question based on COSO (2004) framework. As mention before, COSO is more practiced in developed country since regulation on ERM are much more matured and advanced as compared to less developed countries (Togok, 2016). Since, Malaysia aims to be developed country; step 3 can give better measure to what extent ERM are fully practiced by SMEs. This framework defines eight components of ERM such as internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring (Chandra Shekhar & Warrier, 2004). Also by using 11 –point scale, the respondent need to agree at level 3 and above for at least three COSO (2004) components involved in their businesses. Some components is sufficient to represent the existence of COSO in the implementation of ERM among SMEs (Kiew Heong Angeline & Saw Teng, 2016). Details of the instrument as mentioned below: Please circle ONE answer only the level of agreement (0 – very disagree until 10 – very agree) for the given statement. Your company has already implemented ERM for the following activities as stated below.
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1240
Table 1.4: Question base on Global ERM Framework COSO (2004)
Question Level of agreement
1) Objective Setting
Has aligned its business risks with its corporate-level and business-unit-level goals and objectives
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Has established explicit, corporate-wide risk tolerance levels or limits for all major risk categories
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Has clearly communicated its expectations for risk-taking to senior managers
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
2) Internal Environment
Has communicated a risk management mission statement, value proposition, and benefits statement to senior managers
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Has incorporated responsibility for risk management into the position description of all managers
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Board of directors or committee of the board is actively involved in the risk management process.
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
3) Information and Communication
Has a corporate-wide common language for communicating risk-type exposures, control activities, and monitoring efforts
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Has regular briefs to the board and executive committee on risk management issues
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
4) Event Identification
Has established a comprehensive business risk inventory of the risks you expect your managers to manage 2.
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Its business units utilize facilitated self-assessment and/or survey techniques to map risks
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
5) Risk Response
Conducts formal risk assessment across the company on a regular basis
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1241
Its business units analyze the root cause, impact, and interrelationships of its risks
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Has quantified its key risk to the best extent possible Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Has a process to integrate the effects of the major risk types (strategic, operational, financial, hazard, and legal)
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Its business units develop and determine risk mitigation strategies
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
6) Monitoring
Has established written risk policy and procedure manuals that are consistent across major risks
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Its business units monitor and report on current status of managing key risks
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Its business units monitor and report on current status of managing key risks
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
7) Risk Assessment
Risks were analysed by taking consider likelihood and risk impact as a basis to decide on how to manage the risk
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Risk assessment of financial aspect has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Risk assessment of regulation compliance aspect has been done
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Risk assessment of technology aspect has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Risk assessment of economical aspect has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Risk assessment of goodwill has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1242
8) Control Activities
Policies and procedures were established and implemented to make sure an efficient risk response has been done
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Control on sales aspect has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Control on emergency planning has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Control on routine check on control effectiveness has been done
Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Control on task segregation has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Control on authority to approve has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Control on document and record has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
Control on the implementation process of ERM has been done Very disagree – Very agree 0 1 2 3 4 5 6 7 8 9 10
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1243
All these steps will then use to conclude either the respondents are adopters or non-adopters. Moreover it can help researcher to understand the level of adoption.
Figure 1.2: the process to identify adopters and non-adopters for SMEs
5. Conclusions Previous literatures discussed ERM and SMEs but yet there is a lack of study being proposed especially regarding ERM practices among SMEs in the Malaysian context. From the review of literature, the identification process of ERM adaptors and non-adopter will help researcher to have simple and systematic approach to develop more research on ERM and SMEs topic in the future. This study is very significant in enhancing understanding of ERM adoptions among SMEs in general and specifically in Malaysia. References Abdul Rasid, S. Z., & Abdul Rahman, A. R. (2009). Management Accounting and Risk Management
Practices in Financial Institutions. Jurnal Teknologi, 51, 89–110. Alliance, G. R. (2005). Risk management guide for small business. Amalina, N., Abdullah, M., Zakuan, N., Khayon, M., & Ariff, M. S. (2012). Adoption of Enterprise Risk
Management Practices in Organization : A Review. International Journal Business & Information Technology, 2(1), 1–9. Retrieved from http://excelingtech.co.uk/
Ayyagari, M., Demirguc-Kunt, A., & Maksimovic, V. (2011). Small vs . Young Firms across the World Contribution to Employment , Job Creation , and Growth.
Beasley, M. S., Clune, R., & Hermanson, D. R. (2005a). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting & Public Policy, 24(6), 521–531. Retrieved from
Step 1: Adoption base on Yes or No answer (preliminary identification)
Step 2: Adoption base on minimum 3 risk management practices with degree of agreement at level 3 of 11 - point scale within organization activities.
(Consider as basic ERM implementation base on Lam (2014) and Alliance (2005)
Step 3: Adoption base on minimum 3 of COSO's ERM component practiced with degree of agreement at level 3 0f 11- point scale.
(Global ERM Framework base on COSO (2004) ERM framework)
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1244
10.1016/j.jaccpubpol.2005.10.001%5Cnhttp://libaccess.mcmaster.ca.libaccess.lib.mcmaster.ca/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=19185873&site=ehost-live&scope=site
Beasley, M. S., Clune, R., & Hermanson, D. R. (2005b). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 24(6), 521–531. https://doi.org/10.1016/j.jaccpubpol.2005.10.001
Beasley, M. S., Clune, R., & Hermanson, D. R. (2005c). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 24(6), 521–531. https://doi.org/10.1016/j.jaccpubpol.2005.10.001
Brustbauer, J. (2016). Enterprise risk management in SMEs : Towards a structural model, (X). https://doi.org/10.1177/0266242614542853
Chandra Shekhar, P., & Warrier, S. R. (2004). Enterprise Risk Management - From the boardroom to shop floor. Domain Competency Group of Infosys Ltd. Retrieved from www.infosys.com
Dickinson, G. (2001). Enterprise Risk Management : Its Origins and Conceptual Foundation. The Geneva Papers on Risk and Insurance, 26(3), 360–366. https://doi.org/10.1111/1468-0440.00121
Ekwere, N. (2016). Framework of Effective Risk Management in Small and Medium Enterprises ( SMEs ): A Literature Review, 20, 23–46.
Falkner, E. M., & Hiebl, M. R. W. (2015). Risk management in SMEs : a systematic review of available evidence. https://doi.org/10.1108/JRF-06-2014-0079
Gorzeń-Mitka, I. (2013). Risk Identification Tools -- Polish Msmes Companies Practices. Problems of Management in the 21st Century, 7, 6–11. Retrieved from http://ra.ocls.ca/ra/login.aspx?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=89641545&site=bsi-live
Hoyt, R. E., Moore, D. L., & Liebenberg, A. P. (2008). The Value of Enterprise Risk Management : Evidence from the U . S . Insurance Industry. Unpublished Paper, 1–22.
Kiew Heong Angeline, Y., & Saw Teng, Y. (2016). Enterprise Risk Management: Evidence from Small-Medium Enterprises, (March), 151–170.
Lam, J. (n.d.). management The ERM Guide from AFP. Lam, J. (2014). Enterprise Risk Management: From Incentives to Controls; Second Edition. Wiley, 2,
1–476. Leung, S. (2016). A Comparison of Psychometric Properties and Normality in 4- , 5- , 6- , and 11-
Point Likert Scales A Comparison of Psychometric Properties and Normality in, 8376(January). https://doi.org/10.1080/01488376.2011.580697
Lundqvist, S. a. (2014). An exploratory study of enterprise risk management : Pillars of ERM. Journal of Accounting, Auditing, and Finance, 29(3), 393–429. https://doi.org/10.1177/0148558X14535780
Malaysia, S. C. (2012). Malaysian Code on Corporate Governance 2012, 1–43. Malaysia, S. C. (2012). Summary SME Masterplan 2012-2020. SME Corporation Malaysia. Kuala
Lumpur. Retrieved from http://medcontent.metapress.com/index/A65RM03P4874243N.pdf Malaysia, S. C. (2016). SME Annual Report 2015/16. Monda, B., & Giorgino, M. (2013). An ERM Maturity Model. Professional Risk Managers’
International Journal of Academic Research in Business and Social Sciences
Vol. 8 , No. 11, Nov, 2018, E-ISSN: 2222-6990 © 2018 HRMARS
1245
International Association, Society of Actuaries, 32, 1–23. Pagach, D., & Warr, R. (2008). The Characteristics of Firms that Hire Chief Risk Officers The
Characteristics of Firms that Hire Chief Risk Officers. Proviti Inc. (2006). Guide to Enterprise Risk Management : Frequently Asked Questions, 145. Razali, A. R., & Tahir;, L. M. (2011). Review of the Literature on Enterprise Risk Management.
Business Management Dynamics, 1(5), 08-16. Razali, A. R., & Tahir, L. M. (2011). Review of the Literature on Enterprise Risk Management.
Business Management Dynamics, 1(5), 08-16. Ropega, J. (2011). The Reasons and Symptoms of Failure in SME. International Advances in
Economic Research, 17(4), 476–483. https://doi.org/10.1007/s11294-011-9316-1 Salleh, F., & Ibrahim, M. D. (2011). Demographic Characteristics Differences of Risk Taking
Propensity among Micro and Small Business Owners in Malaysia. International Journal of Business and Social Science, 2(January), 149–153.
Shanmugam, J. K., Ali, A., Hassan, M., & Haat, C. (2012). Internal Control , Risk Management and Fraud Prevention Measures on Smes : Reliability and Validity of Research Instrument. International Conference on Business and Economic Research, (March), 475–494.
Togok, S. (2016). Factors Influencing The Effectiveness of Enterprise Risk Management (ERM) in Public Listed Companies. Universiti Malaya.
Vadiveloo, J., & Aguirre, M. (2013). Enterprise Risk Management – Small & Medium Sized Enterprises. In 2013 International Acturial Conference (pp. 1–31). Medellin, Colombia: Towers Watson.
Wan Daud, W. N., Yazid, A. S., & Hussin, H. M. R. (2010). The Effect Of Chief Risk Officer (CRO) On Enterprise Risk Management (ERM) Practices: Evidence From Malaysia. International Business & Economic Research Journal, 9(11), 55–64.
Yazid, A. S., Hussin, M. R., & Daud, W. N. W. (2011a). An Examination of Enterprise Risk Management (ERM) Practices among the Government-Linked Companies (GLCs) in Malaysia. International Business Research, 4(4), 94–103. https://doi.org/10.5539/ibr.v4n4p94
Yazid, A. S., Hussin, M. R., & Daud, W. N. W. (2011b). An Examination of Enterprise Risk Management (ERM) Practices among the Government-Linked Companies (GLCs) in Malaysia. International Business Research, 4(4), 94–103. https://doi.org/10.5539/ibr.v4n4p94
Yazid, A. S., Razali, A. R., & Hussin, M. R. (2011). Determinants of Enterprise Risk Management (ERM): A Proposed Framework for Malaysian Public Listed Companies. International Business Research, 5(1), 80–86. https://doi.org/10.5539/ibr.v5n1p80
Yolande Smit. (2012). A literature review of small and medium enterprises (SME) risk management practices in South Africa. African Journal of Business Management, 6(21), 6324–6330. https://doi.org/10.5897/AJBM11.2709
Yusuf, T. O., & Dansu, F. S. (2013). SMEs, Business Risks and Sustainability in Nigeria. European Journal of Business and Social Sciences, 2(9), 76–94. Retrieved from http://www.ejbss.com/Data/Sites/1/vol2no9december2013/ejbss-1312-13-smes,businessrisksandsustainabilityinnigeria.pdf